8 matches found
Some ERC20Votes tokens will not work if you set approve() to any value without setting to zero first
Lines of code Vulnerability details Impact Not setting allowance to Zero before changing the allowance can hinder the deployment of the ERC20ProxyDelegator contract for some ERC20 tokens Proof of Concept Some ERC20 tokens like USDT with Voting enabled will not work when changing the allowance fro...
USDT tokens should approve to zero first otherwise it may cause other tokens to get stuck in the case of aprooveMultipleTokens
Lines of code Vulnerability details Impact Unsafe ERC20 approve that do not handle non-standard erc20 behavior. Some token contracts do not return any value. Some token contracts revert the transaction when the allowance is not zero. Proof of Concept When receiving tokens to the destination chain...
FETH.sol is susceptible to ERC20 approve functionality front-running exploit
Lines of code Vulnerability details Proof of concept The problem is perfectly described here The tldr; is that if you approved a person to spend 100 tokens and then you want to decrease his allowance to 50, if he spends his 100 tokens allowance before you set his allowance to 50 he will be able t...
Deprecated safeApprove() function
Originally submitted by warden Dravee in 146, duplicate of 178 related to the use of safeApprove. This is upgraded from a QA report to standalone issue because it correctly described the revert when trying to call safeApprove on non-zero allowance. QA report that only describe safeApprove as...
Yield sources cannot be swapped back
Handle shw Vulnerability details Impact The setYieldSource function of SwappableYieldSource calls the safeApprove function to approve the yield sources with the maximum allowance of transferring underlying tokens. However, according to OpenZeppelin's implementation, the safeApprove function...
The approveMax function of MStableYieldSource always reverts
Handle shw Vulnerability details Impact The approveMax function of MStableYieldSource calls the safeApprove function to set the allowance to the maximum. However, at the time of call, the allowance should be non-zero since it was set to the maximum in the constructor function. The non-zero...
safeApprove() for Yearn Vault may revert preventing deposits causing DoS
Handle 0xRajeev Vulnerability details Impact The depositInVault function for Yearn yield source uses ERC20 safeApprove from OpenZeppelin's SafeERC20 library to give maximum allowance to the Yearn Vault address if the current allowance is less than contract’s token balance. However, the safeApprov...
usage of safeApprove
Handle pauliax Vulnerability details Impact depositInVault in contract YearnV2YieldSource calls safeApprove when the allowance is less than the token balance: if token.allowanceaddressthis, addressv token.balanceOfaddressthis token.safeApproveaddressv, typeuint256.max; This does not mean that the...